package com.hnhs.config;

import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.stereotype.Component;

@Component
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    //用户信息的认证
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                .withUser("admin").password("123456")
                .authorities("find"); //拥有的权限
    }

    //配置的请求拦截
    //@Override
//    protected void configure(HttpSecurity http) throws Exception {
//       http.authorizeRequests()
//               .antMatchers("/**").fullyAuthenticated()
////               .and().httpBasic(); //拦截所有信息
//               .and().formLogin();
//    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/sec/login").permitAll()//放行
                .antMatchers("/sec/index").permitAll()
                //.antMatchers("/sec/add").hasAnyAuthority("add")
                .antMatchers("/sec/find").hasAnyAuthority("find")
                .antMatchers("/js/**","/css/**").permitAll()
                .regexMatchers(".+[.]png").permitAll()
                .regexMatchers(HttpMethod.GET,"/sec/add").permitAll()

                .antMatchers("/**").fullyAuthenticated()
//               .and().httpBasic(); //拦截所有信息
                .and().formLogin().loginPage("/sec/login")//登录页面
                .successForwardUrl("/sec/index").failureForwardUrl("/sec/login")
                .and().csrf().disable();  //跨站攻击 默认是关闭的
    }
}
